New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Apache
- Apache HTTP Server Certificate Restriction Bypass Vulnerability (CVE-2016-4979)
- Apache HTTP Server FilesMatch Directive Improper Input Validation Vulnerability (CVE-2017-15715)
- Apache HTTP Server HTTP2 Memory Handling Error Vulnerability (CVE-2017-9789)
- Apache HTTP Server HTTP2 Write After Free Vulnerability (CVE-2018-1302)
- Apache HTTP Server mod_authnz_ldap Out-of-Bound Write Vulnerability (CVE-2017-15710)
- Apache HTTP Server mod_auth_digest Uninitialized Memory Reflection Vulnerability (CVE-2017-9788)
- Apache HTTP Server mod_auth_digest Weak Digest Auth Nonce Generation Vulnerability (CVE-2018-1312)
- Apache HTTP Server mod_cache_socache Out-of-Bound Read Vulnerability (CVE-2018-1303)
- Apache HTTP Server mod_http2 Denial of Service Vulnerability (CVE-2016-8740)
- Apache HTTP Server mod_session Tampering Vulnerability (CVE-2018-1283)
- Apache HTTP Server mod_session_crypto Padding Oracle Attack Vulnerability (CVE-2016-0736)
- Apache HTTP Server Out-of-Bound Access Vulnerability (CVE-2018-1301)
- Apache HTTP Stream-processing Outage Denial of Service Vulnerability (CVE-2016-1546)
- Apache Tomcat HTTP2 Directory Traversal Vulnerability (CVE-2017-7675)
- Apache Tomcat HTTP2 Header Parser Denial of Service Vulnerability (CVE-2016-6817)
- Apache Tomcat SecurityManager Bypass via JSP Servlet Configuration Parameter Manipulation (CVE-2016-6796)
- Apache Tomcat SecurityManager Bypass Vulnerability via Tomcat IntrospectHelper Utility Method (CVE-2016-5018)
ClamAV
- ClamAV cabd_read_string (in mspack/cabd.c) Stack-based Buffer Over-Read Vulnerability (CVE-2017-11423)
- ClamAV lzxd_decompress (in lzxd.c) Heap Memory Buffer Overflow Vulnerability (CVE-2017-6419)
- ClamAV multiple functions (in libclamunrar/unrarvm.c) Heap Memory Overflow Vulnerability (CVE-2012-6706)
- ClamAV pdf_parse_array and pdf_parse_string (in pdfng.c) Heap Memory Overflow Vulnerability (CSCvh91380 and CSCvh91400) (CVE-2018-0202)
- ClamAV xar_hash_check (in xar.c) Out-of-Bounds Heap Read Vulnerability (CVE-2018-1000085)
FTP
- FTP AUTH TLS Plaintext Command Injection Vulnerability (CVE-2011-1575, CVE-2011-4130)
- FTP Cleartext Authentication and Unencrypted Communication Channel Accessibility
- FTP Server .forward File Information Disclosure Vulnerability
- FTP Server .rhosts File Information Disclosure Vulnerability
JBoss
- JBoss mod_cluster Segmentation Fault Vulnerability (prior to 1.3.5) (CVE-2016-8612)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.